What are two advantages of splitting a larger OSPF area into a number of smaller areas? (Select two )

1. A. It extends the LSDB
2. B. It increases stability
3. C. it simplifies the configuration.
4. D. It reduces processing overhead.
5. E. It reduces the total number of LSAs

Correct Answer: BD
Splitting a larger OSPF area into a number of smaller areas has several advantages for network scalability and performance. Some of these advantages are:
✑ It increases stability by limiting the impact of topology changes within an area.
When a link or router fails in an area, only routers within that area need to run the SPF algorithm and update their routing tables. Routers in other areas are not affected by the change and do not need to recalculate their routes.
✑ It reduces processing overhead by reducing the size and frequency of link-state advertisements (LSAs). LSAs are packets that contain information about the network topology and are flooded within an area. By dividing a network into smaller areas, each area has fewer LSAs to generate, store, and process, which saves CPU and memory resources on routers.
✑ It reduces bandwidth consumption by reducing the amount of routing information exchanged between areas. Routers that connect different areas, called area border routers (ABRs), summarize the routing information from one area into a single LSA and advertise it to another area. This reduces the number of LSAs that need to be transmitted across area boundaries and saves network bandwidth.
References: https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first- ospf/7039-1.html https://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first- ospf/13703-8.html

Your manufacturing client is having installers deploy seventy headless scanners and fifty IP cameras in their warehouse These new devices do not support 802 1X authentication.
How can HPE Aruba reduce the IT administration overhead associated with this deployment while maintaining a secure environment using MPSK?

1. A. Have the installers generate keys with ClearPass Self Service Registration.
2. B. Have the MPSK gateway derive the unique pre-shared keys based on the MAC OUI.
3. C. Use MPSK Local to automatically provide unique pre-shared keys for devices.
4. D. MPSK Local will allow the cameras to share a key and the scanners to share a different key

Correct Answer: C
MPSK Local is a feature that can reduce the IT administration overhead associated with deploying devices that do not support 802.1X authentication while maintaining a secure environment. MPSK Local allows the switch to automatically generate and assign unique pre-shared keys for devices based on their MAC addresses, without requiring any configuration on the devices or an external authentication server. The other options are incorrect because they either require manual intervention by the installers or the MPSK gateway, or they do not provide unique pre-shared keys for devices. References: https://www.arubanetworks.com/techdocs/AOS-CX_10_08/UG/bk01- ch05.html https://www.arubanetworks.com/techdocs/AOS-CX_10_08/UG/bk01-ch06.html

A company recently deployed new Aruba Access Points at different branch offices Wireless 802.1X authentication will be against a RADIUS server in the cloud. The security team is concerned that the traffic between the AP and the RADIUS server will be exposed.
What is the appropriate solution for this scenario?

1. A. Enable EAP-TLS on all wireless devices
2. B. Configure RadSec on the AP and Aruba Central.
3. C. Enable EAP-TTLS on all wireless devices.
4. D. Configure RadSec on the AP and the RADIUS server

Correct Answer: D
This is the appropriate solution for this scenario where wireless 802.1X authentication will be against a RADIUS server in the cloud and the security team is concerned that the traffic between the AP and the RADIUS server will be exposed. RadSec, also known as RADIUS over TLS, is a protocol that provides encryption and authentication for RADIUS traffic over TCP and TLS. RadSec can be configured on both the AP and the RADIUS server to establish a secure tunnel for exchanging RADIUS packets. The other options are incorrect because they either do not provide encryption or authentication for RADIUS traffic or do not involve RadSec. References: https://www.securew2.com/blog/what-is-radsec/ https://www.cloudradius.com/radsec-vs- radius/

You are building a configuration in Central that will be used for a standardized network design for small sites for your company, you want to use GUI configuration for gateways and Aps, while template configuration for switches. You need to align with Aruba best practices.
Which set of actions will satisfy these requirements?

1. A. Create one group in Central for switches a second group for AP
2. B. and a third group for gateways Create a unique site for each location, and assign devices to the appropriate site.
3. C. Create one group in Central for switches and a second group for APs and gateway
4. D. Create a unique site for each location, and assign devices to the appropriate site.
5. E. Create a single group in Centra
6. F. Create a unique site for each location, and assign devices to the appropriate site.
7. G. Create a single group in Centra
8. H. Create a unique site for each type of device, and assign devices to the appropriate site.

Correct Answer: C
This is because option C shows how to create a single group in Central with different configuration methods defined for each device type. For example, you can create a group with the name Group1, and within this group, you can enable template-based configuration method for switches and UI-based configuration method for Instant APs and Gateways. Aruba Central identifies both these groups under a single name (Group1). If a device type in the group is marked for template-based configuration method, the group name is prefixed with TG (TG Group1). You can use Group1 as the group ID for workflows such as user management, monitoring, reports, and audit trail2.
https://www.arubanetworks.com/techdocs/central/latest/content/nms/groups/abt- groups.htm 2: https://www.arubanetworks.com/techdocs/central/latest/content/nms/groups/groups.htm

When setting up an Aruba CX VSX pair, which information does the Inter-Switch Link Protocol configuration use in the configuration created?

1. A. hello interval is disabled by default
2. B. hello interval is based on the value set by dead interval
3. C. hello interval 100ms by default
4. D. hello interval is 1s by default

Correct Answer: D
The reason is that the Inter-Switch Link Protocol (ISLP) is a protocol that enables VSX stack join and synchronization between two VSX peer switches. ISLP uses a hello interval to exchange control messages between the switches.
The hello interval is a parameter that specifies the time interval between sending hello messages. The default value of the hello interval is 1 second. The hello interval can be configured from 1 second to 10 seconds. https://www.arubanetworks.com/techdocs/AOS-CX/10.04/HTML/5200-6728/index.html